kiwi-vpn/api/kiwi_vpn_api/routers/_common.py

119 lines
2.8 KiB
Python
Raw Normal View History

2022-03-20 03:45:40 +00:00
"""
Common dependencies for routers.
"""
2022-03-23 00:39:19 +00:00
from fastapi import Depends, HTTPException, status
2022-03-19 04:07:19 +00:00
from fastapi.security import OAuth2PasswordBearer
2022-03-28 20:18:19 +00:00
from ..config import Config, Settings
2022-03-28 21:41:49 +00:00
from ..db import UserCapabilityType, User
2022-03-19 04:07:19 +00:00
2022-03-28 20:18:19 +00:00
oauth2_scheme = OAuth2PasswordBearer(
tokenUrl=f"{Settings._.api_v1_prefix}/user/authenticate"
)
2022-03-19 04:07:19 +00:00
2022-03-19 17:11:52 +00:00
class Responses:
2022-03-20 03:45:40 +00:00
"""
Just a namespace.
Describes API response status codes.
"""
OK = {
2022-03-19 17:11:52 +00:00
"content": None,
}
2022-03-20 03:45:40 +00:00
INSTALLED = {
2022-03-19 17:11:52 +00:00
"description": "kiwi-vpn already installed",
"content": None,
}
2022-03-20 03:45:40 +00:00
NOT_INSTALLED = {
2022-03-19 17:11:52 +00:00
"description": "kiwi-vpn not installed",
"content": None,
}
2022-03-20 03:45:40 +00:00
NEEDS_USER = {
2022-03-19 17:11:52 +00:00
"description": "Must be logged in",
"content": None,
}
2022-03-20 03:45:40 +00:00
NEEDS_ADMIN = {
2022-03-19 17:11:52 +00:00
"description": "Must be admin",
"content": None,
}
2022-03-23 15:44:35 +00:00
NEEDS_ADMIN_OR_SELF = {
"description": "Must be the requested user",
"content": None,
}
2022-03-20 03:45:40 +00:00
ENTRY_EXISTS = {
2022-03-19 18:06:28 +00:00
"description": "Entry exists in database",
"content": None,
}
2022-03-23 13:25:00 +00:00
ENTRY_DOESNT_EXIST = {
"description": "Entry does not exist in database",
"content": None,
}
2022-03-19 17:11:52 +00:00
2022-03-19 04:07:19 +00:00
async def get_current_user(
token: str = Depends(oauth2_scheme),
current_config: Config | None = Depends(Config.load),
2022-03-23 00:39:19 +00:00
) -> User | None:
2022-03-20 03:45:40 +00:00
"""
Get the currently logged-in user from the database.
"""
# can't connect to an unconfigured database
2022-03-19 04:07:19 +00:00
if current_config is None:
2022-03-24 15:51:36 +00:00
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
2022-03-19 04:07:19 +00:00
username = await current_config.jwt.decode_token(token)
return User.get(username)
2022-03-23 00:39:19 +00:00
2022-03-24 15:51:36 +00:00
async def get_current_user_if_exists(
2022-03-23 00:39:19 +00:00
current_user: User | None = Depends(get_current_user),
) -> User:
"""
2022-03-24 15:51:36 +00:00
Get the currently logged-in user if it exists.
2022-03-23 00:39:19 +00:00
"""
2022-03-23 01:14:02 +00:00
# fail if not requested by a user
if current_user is None:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
2022-03-24 15:51:36 +00:00
return current_user
async def get_current_user_if_admin(
current_user: User = Depends(get_current_user_if_exists),
) -> User:
"""
Get the currently logged-in user if it is an admin.
"""
2022-03-23 00:39:19 +00:00
# fail if not requested by an admin
2022-03-28 21:41:49 +00:00
if not current_user.can(UserCapabilityType.admin):
2022-03-23 01:14:02 +00:00
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
2022-03-24 15:51:36 +00:00
return current_user
2022-03-23 01:14:02 +00:00
async def get_current_user_if_admin_or_self(
user_name: str,
2022-03-24 15:51:36 +00:00
current_user: User = Depends(get_current_user_if_exists),
2022-03-23 01:14:02 +00:00
) -> User:
"""
Get the currently logged-in user.
Fails a) if the currently logged-in user is not the requested user,
and b) if it is not an admin.
"""
# fail if not requested by an admin or self
2022-03-28 21:41:49 +00:00
if not (current_user.can(UserCapabilityType.admin)
or current_user.name == user_name):
2022-03-23 00:39:19 +00:00
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
2022-03-24 15:51:36 +00:00
return current_user